UBC Successfully Migrates Windows and SQL Servers to Azure

Industry:  Trade Union

The United Brotherhood of Carpenters is one of North America’s largest building trade unions, with over a half-million members. The union leads the way in training, educating and representing the next generation of skilled construction professionals.

Business Problem

  • Development of Cloud migration plan to Azure.
  • Meet security and regulatory compliance requirements for migrating core legacy applications, including Personify running on Windows Server and SQL Server.
  • Provide ongoing Azure optimization and management.


  • Lightstream Cloud Foundation Framework Workshop and guided Foundation Build aligned with Cloud Adoption Framework (CAF).
  • POC stand up, Security Planning and Design, Network Architecture and Design, App Validation, Automation and Implementation.
  • Lightstream Cloud Managed Services for ongoing Azure management and optimization of financial, technical, security and operational aspects of environment.

Business Outcomes:

  • Successful workloads migration to Azure.
  • Compliant governance and security posture for workload environment enabling UBC to safely deploy applications via Infrastructure-as-Code.
  • Ongoing management and optimization including 65% cost savings through RI management and successful networking providing full direct interoperability between on-premise resources, Azure resources via ExpressRoute and AWS resources via Direct Connect.

Top 5 Azure Mistakes your Security Team is Making

With its scalable structure, pay-as-you-go pricing, and 99.95% SLAs, it’s no wonder Microsoft Azure is a long-time leader in the IaaS space. Its popularity is also due to the fact that it not only offers -Infrastructure as a Service (IaaS) but also Software as a Service (SaaS) and Platform as a Service (PaaS). With Azure, clients can use the services purely in the cloud or combine them with any existing applications, data center or infrastructure already in place. But with all of this flexibility and reliability comes responsibility. It is critical that IT professionals understand Azure’s shared responsibility model as well as which security tasks are handled by the cloud provider and which tasks are handled by you.

Here are -five common security mistakes that typically result from a rushed build/setup process and inadequate management, as well as tips on and how you can avoid them when designing, deploying, and managing your Azure cloud solution.

1. Misconfiguration of Roles & Administration

Misconfiguration is a common occurrence in situations where an Azure solution is implemented without proper planning.

One aspect of misconfiguration is the assignment of roles to users. It is recommended that you follow the principle of least privilege and select a role that provides the user only with the amount of permission they need to do their job. Failing to follow this best practice leads to excess access permission which can easily be avoided by taking the time to properly assign these roles at the outset.

The old adage that “too many cooks spoil the broth” applies to countless scenarios, and Azure is no exception. Assigning too many administrators, failing to establish lease permissions for those administrators, and not enabling Azure’s Multi-Factor Authentication (MFA) are risky oversites. MFA provides an extra layer of security by requiring administrators to provide authentication via phone call, text, or mobile app before they can log into the portal. This helps prevent the administrator’s account from being compromised or misused.

2. Weak, Mismanaged Passwords

This misstep may seem obvious, but regardless of how many times people are warned against setting weak passwords, far too many people still use them. According to Microsoft, they see over 10 million username/password pair attacks every day across their platforms. Failing to assign strong passwords and requiring them to be frequently updated creates vulnerabilities that are easily avoidable.

In setting up Azure services, Microsoft recommends the following to IT administrators:

  • Maintain an 8-character minimum length requirement (and longer is not necessarily better).
  • Eliminate character-composition requirements.
  • Eliminate mandatory periodic password resets for user accounts.
  • Ban common passwords, to keep the most vulnerable passwords out of your system.
  • Educate your users not to re-use their password for non-work-related purposes.
  • Enforce registration for multi-factor authentication.
  • Enable risk based multi-factor authentication challenges.

3. Not Enabling or Managing Logging

Failing to turn on the logging feature is another common misstep in the building process. First, logging must be turned on to permit access visibility. But it doesn’t stop there. The Azure Activity Log must be regularly monitored to gain insight into who is accessing and managing your Azure subscription and to track all create, update, delete, and action activities performed. In addition, an investment in Sentinel – Azure’s cloud-native security information and event manager (SIEM) platform – can go a long way, as it uses built-in artificial intelligence to quickly analyze large volumes of data across an enterprise.

4. Misconfiguration of Security Controls

Haste and -lack of expertise in the configuration of your security tools can mean huge exposure risks for your organization. Failing to enable Azure’s security center and its highly valuable native security tools is a big no-go as it leaves your data open to breaches.

Network Security Groups (NSGs) are the foundation of all network security designs in Azure, and therefore should always be applied to safeguard subnets of a virtual machine-based web application deployment. In a typical design, there is a virtual network and subnets. The subnets should not be assigned to a public IP that could open unwanted ports. NSGs control access by permitting or denying network traffic via communication between different workloads on a vNET, network connectivity from on-site environment into Azure, or direct internet connection.

5. Lack of Oversight

IT administrators often view their Azure cloud solution as just a data center, but it’s essential to remember that this isn’t a case of “set it and forget it.” In fact, your job is far from over once the migration or build is complete; ongoing management and security are critical to the success of your Azure environment.

Proper management of your solution requires a multi-faceted approach. In addition to maintaining compliance with organizational and regulatory security requirements, you must continuously monitor the machines, networks, storage, data services, and applications to protect against potential security issues. Prioritize security alerts and incidents so you can zero in on the most critical threats first. Troubleshooting will be easier if you track changes and create alerts to proactively monitor critical components. Managing update schedules will ensure that your solution is equipped with the latest tools to support ongoing operations.

The bottom line is that your Azure solution is only as strong as the team supporting it. Therefore, IT professionals must do everything in their power to remediate security vulnerabilities before attackers have a chance to take advantage of them. If security and technical expertise and staffing have become obstacles to the effective implementation of your cloud strategy, turn to Lightstream’s Cloud Managed Services (CMS) for help overcoming these challenges.

A Regional Bank Makes First Move to Azure with Help from Lightstream

Industry:  Banking

Cloud Foundation and Managed Services help architect an Azure environment to securely support a new line-of-business application

Business Challenge

A regional bank in the Pacific Northwest was facing a challenge. The company had 200 locations and aggressive growth plans to triple its business in the next two years. To accomplish its objectives, and offer more modern customer experiences, the organization needed to make changes to its applications and infrastructure.

The company operated two data centers in an active-passive architecture. Maintaining the active-passive configuration meant every time hardware or software was installed at the primary location, a duplicate was installed at the backup site.

Operating two data centers in this way was expensive. The company found that it was buying 2-3 times the amount of capacity it really needed, leaving a lot of costly resources stranded and unused. For this reason, the bank wanted to move applications to the cloud and eventually eliminate the need for a second on-premise data center.

To begin, the company selected a customer-facing application to move to Microsoft Azure. The goal was to integrate the new 3rd-party SaaS application while purchasing no additional hardware, adhering to security and regulatory compliance, and improving business continuity.

But the company had no previous experience working with Azure or with managing cloud environments.


Seeking help with the move to Azure, the bank engaged Lightstream in 2019. To gather data about the company’s technical environment and to establish a baseline, Lightstream consultants performed a Cloud Foundation Workshop. The workshop helped the company better understand Azure and the basics of cloud operations and security.

When the workshop concluded, the Lightstream team worked with the company to design a secure architecture to support the SaaS application. The effort included writing custom integration code that enabled the SaaS provider to securely access line-of-business application data in Azure and creating re-factored SQL databases in Azure to support a SaaS solution. The design allowed the company to successfully move the application and created an architecture, process, and procedure for moving more applications into Azure without needing to re-write, re-architect, or re-engineer the environment for every subsequent application.

Business Outcomes

Cloud Architecture to Support Strategic Business Goals

Beginning with a Lightstream Cloud Foundation Workshop, the company was able to design and implement a secure cloud architecture. This enabled bank operations to support a new customer-facing line-of-business application while providing visibility for operational and security teams. And it established a baseline process for moving more applications to Azure as business needs arise.

In addition, the cloud architecture positions the company to move forward with its redesigned disaster recovery strategy. The company can now confidently move more applications to Azure and reduce the need for additional hardware at its backup data center.

Ongoing Cloud Management and Optimization

Having limited experience with cloud environments was a concern for the company. To address this, the company uses Lightstream Cloud Managed Services for ongoing Azure management and optimization of financial, technical, security, and operational aspects of the environment.

Access to Specialized Technical Experts When Needed

Cloud expertise and specialized skills can be difficult to find and expensive to hire. Engaging Lightstream has enabled the company to get the benefit of cloud experts without adding people to its staff.

Improved Cross-IT Communication

One unexpected benefit of working with Lightstream has been the impact on cross-IT communication. Like many organizations, the company’s IT group operated in vertical silos. This often was a challenge, because technical problems often crossed silo boundaries and required cross-group communication and collaboration to resolve them. But effective communication between groups was sometimes hard to achieve and caused delays in finding the root cause of issues.

Lightstream Cloud Managed Services, while focused on supporting the company’s Azure environment, has provided a consistent presence to help solve technical problems. With technical expertise in all aspects of IT, including networking, storage, server, and security, and visibility of the company’s entire network, Lightstream’s technical experts have provided valuable insight and helped bridge communications between different parts of the IT organization.

Contact Information

To learn more about how Lightstream Cloud Foundation Workshop or Cloud Managed Services can help your business create a secure cloud architecture, reduce costs, and improve user experience, visit www.lightstream.tech/solutions/managed-services/.

Lightstream helps a SaaS Company Solidify Its Cloud Strategy in Azure

Cloud Foundation Framework helps the company meet FedRAMP requirements and secure a new government contract.

Business Challenge

Winning a government contract is a big achievement. It takes months, and sometimes years, of diligence and hard work. New business in the public sector brings many benefits, but it also creates new requirements and responsibilities for the service provider.

For one SaaS company, securing a new government contract was contingent on the company’s ability to meet FedRAMP (Federal Risk and Authorization Management Program), a strict set of federally-mandated requirements for cloud products and services. At the time, the company operated 15 data centers around the world and had no public cloud footprint. Though the company’s application was cloud-ready, it was designed to run only in a private cloud environment.

The company needed an ecosystem to run its software that complied with FedRAMP. But to establish that ecosystem within its own data centers would take a long time to achieve and require a substantial investment.

To address this challenge, the company decided to use Microsoft Azure Government, Microsoft’s cloud service designed specifically for government agencies. But to meet the contract requirements, the IT team needed to architect and build the Azure environment quickly and ensure it met all FedRAMP specifications. As a result, they reached out to Lightstream for help.


The first step was to assess the company’s existing environment—infrastructure, security requirements, application dependencies, and processes—and design Azure to meet both the application needs and FedRAMP requirements. This was done by performing a Cloud Foundation Framework engagement.

Next, Lightstream cloud experts built the new environment. The Azure platform was implemented using a design blueprint, which was created during the framework engagement and defined all the technical specifications for the new environment. The work included defining the Azure architecture, implementing all infrastructure (IaaS) components, networking services, Azure SQL, security, and app services needed to make the platform operational.

The final step was validating the environment. Lightstream specialists helped the company execute a proof of concept (POC) project. The company’s application was deployed to Azure and tested to ensure it functioned properly and met all FedRAMP specifications.

Business Outcomes

Successful Migration to Azure Government

Through the Cloud Foundation Framework engagement, the company was able to successfully migrate all its production instances to Azure and meet FedRAMP regulations. This enabled the organization to deliver on the requirements specified in the contract, expanding the company’s presence in the public sector space and increasing its revenue.

CMMC and FedRAMP-compliant Platform

The company’s Azure environment met all FedRAMP requirements and CMMC (Cybersecurity Maturity Model Certification) compliance. This established a platform the company can use to pursue more public sector business opportunities in the future, especially those that require CMMC compliance.

Positioning for Future Cloud Migration

With its cloud strategy firmly set, the company is now positioned to migrate additional workloads and data storage from its existing data centers to the cloud. This will enable them to leverage the cloud’s scalability, flexibility, and operational advantages to lower data center costs over time, address skill-gap challenges, and remove facility-based barriers to growth.

Contact Information

To learn more about how Lightstream Managed Services can help you architect, implement, and manage a hybrid cloud environment that meets your business needs, visit www.lightstream.tech/solutions/managed-services/.

Financial Services Company Architects a Secure Hybrid Cloud Environment in Azure

Cloud Foundation Framework and Cloud Managed Services from Lightstream enable the company to modernize its mortgage lending application and deliver better service.

Business Challenge

The financial services industry is fast-moving and competitive. New SaaS entrants with easy to use applications have put pressure on traditional companies. Today, consumers have a vast array of choices, literally in the palm of their hand.

For one financial services company, addressing this business challenge meant modernizing its applications. For years, the company operated a traditional legacy IT environment. It owned its own data centers. Applications were monolithic tied to back-end relational databases. There was no cloud footprint or ecosystem.

Moving to the cloud offered many benefits: better scalability, faster application development, the opportunity to leverage microservices, and flexible infrastructure. But the company had limited experience with cloud computing.

The CIO reached out to Lightstream for help. The IT team had decided to modernize its mortgage lending application and deploy it in Microsoft Azure. To do that, they needed to architect a hybrid cloud environment that met all security and regulatory requirements for the financial services industry and ensure it remained compliant indefinitely.


Lightstream began by performing a Cloud Foundation Framework engagement. Cloud experts assessed the company’s existing infrastructure components (from compute/storage to bare metal devices), security and governance posture, and application portfolio. Then, they worked with the company to align its business outcomes with technical capabilities in Azure and created a design blueprint for the new environment.

The blueprint defined all the technical specifications required to extend the company’s on-premise environment into Azure. It addressed cloud configurations and platform governance, identity and access management requirements and integration, network and interconnectivity needs, security services, and operational processes.

Armed with the blueprint, Lightstream’s technical specialists then built the Azure environment. This provided a safe, compliant destination or landing pad for the company’s application portfolio migration.

To ensure ongoing compliance, the company selected Lightstream Cloud Managed Services—a comprehensive service offering that manages cloud security, spending, and technology—to oversee management and operation of its Azure environment.

Business Outcomes

Improved Governance and Security Posture

The Cloud Foundation Framework helped the company design its Azure environment to meet the strict security and regulatory requirements of the financial services industry. This improved their overall security posture and enabled them to deploy applications with confidence. In addition, Cloud Managed Services has enabled the company to improve governance over the new environment by providing operational expertise and proactive management to ensure compliance as new applications are developed and deployed.

Reduced Time-to-Market for Application Development

With a secure, compliant foundation built in Azure, the company was able to design and deploy   a new mortgage lending application faster than it could have in a legacy environment. The Azure environment also provides the foundation needed for the company’s DevOps team to develop new applications to satisfy the evolving needs of their customers. This enables the company to deploy new services and capabilities faster, improve service to its existing customers, and attract new consumers.

Improved Operating Environment

Azure provides a number of improvements to the company’s operating environment. There is an improved communication landscape, reducing application latency and improving operational processes. And the new environment eliminates concerns over scalability.

Contact Information

To learn more about how Lightstream Managed Services can help your business build a secure hybrid cloud environment that will help you modernize your applications and improve customer experience, visit www.lightstream.tech/solutions/managed-services/.


5 Reasons Your Contact Center
Should Be in the Cloud

As smart enterprises tap digital technologies to improve their business outcomes, they also have to ensure that customers remain at the forefront of their transformation.

Simple, right?

Today, customers demand almost instantaneous access to information, so your contact center has to be one step ahead.

Paramount to getting ahead is connecting agents with real-time knowledge sources about your products and customers and being able to rapidly respond to customer requests across all channels including web, voice, email, chat and social.

Because in this era of digitization, businesses must be able to connect with digital-savvy customers in a digital manner.

That’s means surpassing customer-service expectations on digital channels or risk losing them to competitors altogether.

For smart businesses, this isn’t an option.

That’s why they’re going all in on moving their customer contact centers to the cloud.

In fact, 62% of organizations already have migrated to a cloud call center solution, according to DMG Consulting, while 46% of the companies that haven’t migrated their call-center service are considering moving to the cloud soon.

Here are 5 reasons your business needs to abandon its legacy on-premise system and begin delivering state-of-the-art customer-care solutions.

1. Accelerated deployment

Since you’re moving the solution to the cloud, there’s no hardware to install or maintain, no need to set up infrastructure or find compatible software typically required for legacy on-premise systems. Let’s face it, dealing with old PBX systems can be more frustrating than trying to put together an IKEA coffee table. Thankfully, setting up cloud-based call center software is usually no more difficult that installing an app on a computer. It’s an out-of-the box solution – no assembly required!

2. Cost savings – Ka-Ching!

Tired of replacing your onsite system every five to 10 years because of aging hardware and obsolete software? It’s time to bring on the cloud. With a cloud-based system, you can forget about account-emptying investments on unneeded servers, storage or pricey software licenses. Instead you will typically work with flat-rate billing for a monthly subscription. Yes, you’ll need to invest in  quality bandwidth to ensure rapid action from your call team, but your overall cloud savings will more than mitigate any needed capital expenditure. With the cloud, you only pay for what you use — nice!

3. Flexibility and scalability

Since you’ll ditch your legacy on-premise system and its chunky hardware requirements, enjoy knowing that your cloud-based contact center has the flexibility to add new phone lines and features as needed to deal with the up-and-down cycles of call volume. Having seasonally high phone traffic is great, but you’ll need additional hard phones and computers with an on-premise solution. When calls slow on a cloud-based solution, you’ll be able to scale down without boxes of costly and unused equipment taking up space in the office closet.

4. Outsourced maintenance = less stress

You’ve called vendors, the Maytag repairman and even asked the office administrator to jiggle some wires in a desperate effort to fix the bug in your on-premise contact-center software. Meanwhile customers are going bye-bye. Sound familiar? By taking to the cloud, you outsource the daily maintenance requirements to just one vendor, allowing you to optimize your internal IT resources and ensuring your customers are on the phone making orders instead of being dropped. That’s a win-win for everyone!

5. Security and compliance

Not many organizations can afford the resources or time to acquire the latest security measures that meet today’s increasingly strict privacy regulations. Maintaining strong physical security across many business locations—each with its own on-premise system—simply is not practical or cost effective.

With a cloud solution, you’ll have access to greater security measures to protect customer information than with traditional premise-based systems. What’s more, with complicated compliance requirements, flexibility to adapt to new regulatory changes with a centralized platform for recording, archiving and deleting calls is key in controlling risks. Cloud technology allows you to significantly lower the cost of adding new features to meet emerging compliance requirements.

Ready to learn more how migrating to a cloud-based contact center can transform your customer care and your business? Then, think about Amazon Connect.

Amazon Connect is a pay-as-you-need, cloud-based contact center that delivers better customer service at a lower price. It includes self-service, CRM integration, Alexa functionality, is scalable and elastic and includes custom reporting on an open platform that is AI-enabled for translation, transcription and sentiment analysis. There are no upfront payments or long-term commitments and because it runs on AWS, there is no infrastructure to manage.

As an Amazon Connect Service Delivery Partner, Lightstream can help you with an end-to-end contact center solution. Through our unique engagement model, we’ll envision, design and help you implement an Amazon Connect solution that’s right for you, including ongoing management and support services to keep your customer care center operating optimally.


AWS and Lightstream Whoop It Up at SPIN Chicago

AWS Event

Ever challenged a ping pong professional who used his iPhone as a paddle to a match?

Ever witnessed IT partners battle it out for glory in business casual attire?

That’s what happened in April when Lightstream and AWS got together in SPIN Chicago’s ping pong entertainment venue. AWS’s Central Region Territory and Lightstream, along with Lightstream CEO Jim Cassell, held a meet-and-greet and whooped it up.

AWS Central Territory Vice President Jonathan Leaf was more than happy to take on Lightstream in ping pong as well as strengthen the two organizations’ relationship. The relaxed atmosphere was the perfect way for AWS Territory Reps to learn how Lightstream helps its clients get better value out of their AWS products and services.

AWS Event

Experts in All Things AWS

Lightstream is an APN Advanced Consulting Partner and helps clients assess, design and manage their migrations to AWS. Lightstream’s deep engineering skills and knowledge of AWS products and services means companies turn to Lightstream to help with:

The AWS team was particularly intrigued by Lightstream’s success with AWS Cloud Managed Services. Lightstream offers expert advice coupled with managed services and easy-to-use tools that help organizations manage spend and optimize their AWS environments. The AWS team felt Lightstream’s proven track record of managing cloud spend, helping align IT and finance and enabling elastic cloud growth was a game changer (and in more than just ping pong!).

A Secret Competitive Sauce

One secret sauce in Lightstream’s Cloud Managed Services is Lightstream Connect.

Lightstream Connect solves the visibility problem organizations have into their cloud and telecom services by providing a holistic view into a company’s technology spend and network through a single pane of glass. It securely integrates with carriers, AWS and Lightstream’s service-management platform to consolidate orders, services inventory, usage and analytics into one place.

A Star is Born: Amazon Connect

A key new offering Lightstream supports is Amazon Connect. Lightstream’s recent success in implementing Amazon Connect at Los Angeles based start-up HopSkipDrive demonstrated Lightstream’s understanding not only of AWS and cloud networking but also telephony.

In this case, Lightstream analyzed HopSkipDrive’s call flows and application integration requirements. Lightstream engineered AWS Lambda to automatically retrieve the customer data based on the individual’s phone number and route the customer to the correct agent based on service request and the priority. Lightstream next configured the AWS environment and Amazon Connect with HopSkipDrive’s preferred Interactive Voice Response Solution (IVR), Kustomer. The environment was thoroughly tested, and the existing 1-800 number successfully ported over. The result was not only a smoother and responsive call-center experience, but an instant 50% drop in call-center costs.

Mission Accomplished!

This deep dive into Lightstream’s AWS capabilities and services provided tremendous value for both AWS and Lightstream. Vice President Jonathan Leaf told his team that when clients need additional value around AWS security, AWS Direct Connect, Amazon Connect or AWS Cloud Managed Services, they should hands (and ping-pong paddles) down call Lightstream.